From 6cadf659798226413e8fc8f1ea64d633100fbee3 Mon Sep 17 00:00:00 2001 From: maliming Date: Thu, 16 Apr 2026 13:03:01 +0900 Subject: [PATCH 1/9] Upgrade System.Security.Cryptography.Xml to 10.0.6 Fix CVE-2026-26171 (GHSA-w3x6-4m5h-cxqf) high severity vulnerability --- Directory.Packages.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index df4d704afc..4b5cfa90f1 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -174,7 +174,7 @@ - + From f27b91c11c5cb5227eabab730442c28c4fea1027 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 16 Apr 2026 04:03:51 +0000 Subject: [PATCH 2/9] docs: update package version changes [skip ci] --- docs/en/package-version-changes.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 86a4a0cfc9..61996a8d84 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,6 +7,12 @@ # Package Version Changes +## 10.3.0 + +| Package | Old Version | New Version | PR | +|---------|-------------|-------------|-----| +| System.Security.Cryptography.Xml | 10.0.2 | 10.0.6 | #25279 | + ## 10.3.0-rc.1 | Package | Old Version | New Version | PR | From 334ef60b3bb041dea4e2969c7eb019b6cee53360 Mon Sep 17 00:00:00 2001 From: maliming Date: Thu, 16 Apr 2026 13:05:28 +0900 Subject: [PATCH 3/9] Update package version changes for 10.3.1 --- docs/en/package-version-changes.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 61996a8d84..370daea23a 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,19 +7,14 @@ # Package Version Changes -## 10.3.0 - -| Package | Old Version | New Version | PR | -|---------|-------------|-------------|-----| -| System.Security.Cryptography.Xml | 10.0.2 | 10.0.6 | #25279 | - -## 10.3.0-rc.1 +## 10.3.1 | Package | Old Version | New Version | PR | |---------|-------------|-------------|-----| | Autofac | 8.4.0 | 9.1.0 | #25190 | | Autofac.Extensions.DependencyInjection | 10.0.0 | 11.0.0 | #25190 | | Microsoft.Bcl.AsyncInterfaces | 10.0.2 | 10.0.4 | #25190 | +| System.Security.Cryptography.Xml | 10.0.2 | 10.0.6 | #25279 | ## 10.2.1 From b90ee165c6416afdff5f7fd892db25920517b964 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 16 Apr 2026 04:06:49 +0000 Subject: [PATCH 4/9] docs: update package version changes [skip ci] --- docs/en/package-version-changes.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 370daea23a..61996a8d84 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,14 +7,19 @@ # Package Version Changes -## 10.3.1 +## 10.3.0 + +| Package | Old Version | New Version | PR | +|---------|-------------|-------------|-----| +| System.Security.Cryptography.Xml | 10.0.2 | 10.0.6 | #25279 | + +## 10.3.0-rc.1 | Package | Old Version | New Version | PR | |---------|-------------|-------------|-----| | Autofac | 8.4.0 | 9.1.0 | #25190 | | Autofac.Extensions.DependencyInjection | 10.0.0 | 11.0.0 | #25190 | | Microsoft.Bcl.AsyncInterfaces | 10.0.2 | 10.0.4 | #25190 | -| System.Security.Cryptography.Xml | 10.0.2 | 10.0.6 | #25279 | ## 10.2.1 From 9d46030cb720736000b0ae1e82e07f8dff43f36a Mon Sep 17 00:00:00 2001 From: maliming Date: Thu, 16 Apr 2026 13:12:13 +0900 Subject: [PATCH 5/9] Bump patch version in dependency change detector when tag exists --- .../scripts/test_update_dependency_changes.py | 59 ++++++++++++++++++- .github/scripts/update_dependency_changes.py | 43 ++++++++++++++ ...nuget-packages-version-change-detector.yml | 1 + docs/en/package-version-changes.md | 2 +- 4 files changed, 102 insertions(+), 3 deletions(-) diff --git a/.github/scripts/test_update_dependency_changes.py b/.github/scripts/test_update_dependency_changes.py index fde9720590..2afaeec6a3 100644 --- a/.github/scripts/test_update_dependency_changes.py +++ b/.github/scripts/test_update_dependency_changes.py @@ -14,7 +14,7 @@ import sys import os sys.path.insert(0, os.path.dirname(__file__)) -from update_dependency_changes import merge_changes, render_section, normalize_version, extract_preamble +from update_dependency_changes import merge_changes, render_section, normalize_version, extract_preamble, bump_patch_if_released def test_update_then_revert(): @@ -438,6 +438,55 @@ def test_normalize_version_stable(): print("✓ Passed: stable versions unchanged\n") +def test_bump_patch_no_tag(): + """Test: version tag does not exist, should return as-is.""" + print("Test 23: bump_patch_if_released - no tag exists") + tag_exists = lambda t: False + assert bump_patch_if_released("10.3.0", tag_exists) == "10.3.0" + assert bump_patch_if_released("10.2.0", tag_exists) == "10.2.0" + print("✓ Passed: version unchanged when tag does not exist\n") + + +def test_bump_patch_tag_exists(): + """Test: version tag exists, should bump patch.""" + print("Test 24: bump_patch_if_released - tag exists") + existing_tags = {"10.3.0"} + tag_exists = lambda t: t in existing_tags + assert bump_patch_if_released("10.3.0", tag_exists) == "10.3.1", \ + f"Expected '10.3.1', got: {bump_patch_if_released('10.3.0', tag_exists)}" + print("✓ Passed: version bumped to 10.3.1\n") + + +def test_bump_patch_multiple_tags(): + """Test: multiple consecutive tags exist, should bump past all.""" + print("Test 25: bump_patch_if_released - multiple tags exist") + existing_tags = {"10.3.0", "10.3.1", "10.3.2"} + tag_exists = lambda t: t in existing_tags + assert bump_patch_if_released("10.3.0", tag_exists) == "10.3.3", \ + f"Expected '10.3.3', got: {bump_patch_if_released('10.3.0', tag_exists)}" + print("✓ Passed: version bumped past all existing tags\n") + + +def test_bump_patch_prerelease_skipped(): + """Test: pre-release versions should not be bumped.""" + print("Test 26: bump_patch_if_released - pre-release skipped") + tag_exists = lambda t: True # all tags "exist" + assert bump_patch_if_released("10.3.0-rc.1", tag_exists) == "10.3.0-rc.1" + assert bump_patch_if_released("10.3.0-rc.2", tag_exists) == "10.3.0-rc.2" + assert bump_patch_if_released("10.3.0-preview", tag_exists) == "10.3.0-preview" + print("✓ Passed: pre-release versions not bumped\n") + + +def test_bump_patch_non_zero_patch(): + """Test: version with non-zero patch, tag exists, should bump.""" + print("Test 27: bump_patch_if_released - non-zero patch version") + existing_tags = {"10.3.1"} + tag_exists = lambda t: t in existing_tags + assert bump_patch_if_released("10.3.1", tag_exists) == "10.3.2", \ + f"Expected '10.3.2', got: {bump_patch_if_released('10.3.1', tag_exists)}" + print("✓ Passed: non-zero patch correctly bumped\n") + + def run_all_tests(): """Run all test cases.""" print("=" * 70) @@ -466,9 +515,14 @@ def run_all_tests(): test_normalize_version_preview() test_normalize_version_rc() test_normalize_version_stable() + test_bump_patch_no_tag() + test_bump_patch_tag_exists() + test_bump_patch_multiple_tags() + test_bump_patch_prerelease_skipped() + test_bump_patch_non_zero_patch() print("=" * 70) - print("All 22 tests passed! ✓") + print("All 27 tests passed! ✓") print("=" * 70) print("\nTest coverage summary:") print(" ✓ Basic scenarios (update, add, remove)") @@ -478,6 +532,7 @@ def run_all_tests(): print(" ✓ Document format validation") print(" ✓ Preamble extraction (SEO block, no preamble, no heading)") print(" ✓ Version normalization (preview -> rc.1)") + print(" ✓ Patch version bump when tag already released") print("=" * 70) diff --git a/.github/scripts/update_dependency_changes.py b/.github/scripts/update_dependency_changes.py index f4f2c3db6c..02ab623ff8 100644 --- a/.github/scripts/update_dependency_changes.py +++ b/.github/scripts/update_dependency_changes.py @@ -25,6 +25,46 @@ def normalize_version(version): return version +def check_tag_exists(tag): + """Check if a git tag exists.""" + result = subprocess.run( + ["git", "tag", "-l", tag], + capture_output=True, + text=True, + ) + return result.returncode == 0 and tag in result.stdout.strip().split("\n") + + +def bump_patch_if_released(version, tag_exists_fn=None): + """If the version tag already exists, bump the patch version. + + Only applies to stable versions (no pre-release suffix like -rc.N). + """ + if tag_exists_fn is None: + tag_exists_fn = check_tag_exists + + # Only bump stable versions (no pre-release suffix) + if "-" in version: + return version + + parts = version.split(".") + if len(parts) != 3: + return version + + major, minor = parts[0], parts[1] + try: + patch = int(parts[2]) + except ValueError: + return version + + current = version + while tag_exists_fn(current): + patch += 1 + current = f"{major}.{minor}.{patch}" + + return current + + def get_version(): """Read the current version from common.props.""" try: @@ -296,6 +336,9 @@ def main(): print("Could not read version from common.props.") sys.exit(1) + version = bump_patch_if_released(version) + print(f"Resolved version: {version}") + diff = get_diff(base_ref) if not diff: print("No diff found for Directory.Packages.props.") diff --git a/.github/workflows/nuget-packages-version-change-detector.yml b/.github/workflows/nuget-packages-version-change-detector.yml index 45dba3332b..1ef091b00c 100644 --- a/.github/workflows/nuget-packages-version-change-detector.yml +++ b/.github/workflows/nuget-packages-version-change-detector.yml @@ -43,6 +43,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 1 + fetch-tags: true - name: Fetch base branch run: git fetch origin ${{ github.event.pull_request.base.ref }}:refs/remotes/origin/${{ github.event.pull_request.base.ref }} --depth=1 diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 61996a8d84..5b4722e976 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,7 +7,7 @@ # Package Version Changes -## 10.3.0 +## 10.3.1 | Package | Old Version | New Version | PR | |---------|-------------|-------------|-----| From 13465d873018ee2885928ece14bfb5bbe8359763 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 16 Apr 2026 04:13:12 +0000 Subject: [PATCH 6/9] docs: update package version changes [skip ci] --- docs/en/package-version-changes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 5b4722e976..61996a8d84 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,7 +7,7 @@ # Package Version Changes -## 10.3.1 +## 10.3.0 | Package | Old Version | New Version | PR | |---------|-------------|-------------|-----| From 895b8d670c56328848c8c7d24a3272ea8929832b Mon Sep 17 00:00:00 2001 From: Ma Liming Date: Thu, 16 Apr 2026 13:15:29 +0900 Subject: [PATCH 7/9] Update package version from 10.3.0 to 10.3.1 --- docs/en/package-version-changes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 61996a8d84..5b4722e976 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,7 +7,7 @@ # Package Version Changes -## 10.3.0 +## 10.3.1 | Package | Old Version | New Version | PR | |---------|-------------|-------------|-----| From 7b07ac3204bcbef1f1f0cc7bd2064eeaff3a24f8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 16 Apr 2026 04:16:02 +0000 Subject: [PATCH 8/9] docs: update package version changes [skip ci] --- docs/en/package-version-changes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 5b4722e976..61996a8d84 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,7 +7,7 @@ # Package Version Changes -## 10.3.1 +## 10.3.0 | Package | Old Version | New Version | PR | |---------|-------------|-------------|-----| From b0517bc77160221963fbdb1208b5d9795f564a6e Mon Sep 17 00:00:00 2001 From: maliming Date: Thu, 16 Apr 2026 13:20:05 +0900 Subject: [PATCH 9/9] Fix fetch-tags in dependency change detector workflow --- .../workflows/nuget-packages-version-change-detector.yml | 7 ++++--- docs/en/package-version-changes.md | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/nuget-packages-version-change-detector.yml b/.github/workflows/nuget-packages-version-change-detector.yml index 1ef091b00c..4ed7fad8de 100644 --- a/.github/workflows/nuget-packages-version-change-detector.yml +++ b/.github/workflows/nuget-packages-version-change-detector.yml @@ -43,10 +43,11 @@ jobs: with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 1 - fetch-tags: true - - name: Fetch base branch - run: git fetch origin ${{ github.event.pull_request.base.ref }}:refs/remotes/origin/${{ github.event.pull_request.base.ref }} --depth=1 + - name: Fetch base branch and tags + run: | + git fetch origin ${{ github.event.pull_request.base.ref }}:refs/remotes/origin/${{ github.event.pull_request.base.ref }} --depth=1 + git fetch --tags origin - uses: actions/setup-python@v5 with: diff --git a/docs/en/package-version-changes.md b/docs/en/package-version-changes.md index 61996a8d84..5b4722e976 100644 --- a/docs/en/package-version-changes.md +++ b/docs/en/package-version-changes.md @@ -7,7 +7,7 @@ # Package Version Changes -## 10.3.0 +## 10.3.1 | Package | Old Version | New Version | PR | |---------|-------------|-------------|-----|